Endian

Firewall Community

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-34823

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:13
  • Zuletzt bearbeitet 07.04.2026 14:02:49

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affect...

5.4

CVE-2026-34822

  • EPSS 0.02%
  • Veröffentlicht 02.04.2026 14:46:13
  • Zuletzt bearbeitet 07.04.2026 14:06:07

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view t...

5.4

CVE-2026-34821

  • EPSS 0.05%
  • Veröffentlicht 02.04.2026 14:46:12
  • Zuletzt bearbeitet 07.04.2026 14:10:38

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view ...

5.4

CVE-2026-34820

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:11
  • Zuletzt bearbeitet 07.04.2026 14:19:11

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ipsec/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

5.4

CVE-2026-34819

  • EPSS 0.01%
  • Veröffentlicht 02.04.2026 14:46:10
  • Zuletzt bearbeitet 07.04.2026 14:20:20

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/openvpnclient.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the a...

5.4

CVE-2026-34818

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:10
  • Zuletzt bearbeitet 07.04.2026 14:21:23

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view th...

5.4

CVE-2026-34817

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:09
  • Zuletzt bearbeitet 06.04.2026 16:12:17

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view th...

5.4

CVE-2026-34816

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:08
  • Zuletzt bearbeitet 06.04.2026 16:13:01

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view ...

5.4

CVE-2026-34815

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:07
  • Zuletzt bearbeitet 06.04.2026 16:13:52

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the aff...

5.4

CVE-2026-34814

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 14:46:07
  • Zuletzt bearbeitet 06.04.2026 16:14:08

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affec...